Sold by: AttackIQ
Deployed on AWS
AttackIQ is the industry-leading provider of breach and attack simulation (BAS) products for security control validation. AttackIQ emulates adversary tactics, techniques, and procedures, aligned to the MITRE ATT&CK framework, and provides visibility into your security program performance with clear data-driven analysis and mitigation guidance.
4.3
Overview
Get your cybersecurity program tested against real-world threats, optimized for effectiveness, and ready for future attacks. You are testing for everyone. Your way, your budget, your needs.
We've designed 4 products to fit every organization's unique testing needs: Flex, Ready!, Enterprise, and AttackIQ for MSSPs. Learn more about each offering at https://www.attackiq.com/products/
1. AttackIQ Flex is an on-demand, pay-as-you-go, agentless test-as-a-service service. It enables organizations to quickly emulate adversary behavior through a simplified user experience, delivering detailed security control performance metrics and mitigations in minutes.
2. AttackIQ Ready! is BAS-as-a-Service, providing weekly and monthly automated validation along with on-demand, agent-based and agentless testing you can run anywhere, at any time. Customers get consistent visibility into security control effectiveness with clear remediation recommendations aligned to the MITRE ATT&CK framework.
3. AttackIQ Enterprise offers comprehensive, customizable security control validation, allowing users to design and run custom tests with expert guidance. It enables continuous validation with regular reporting, remediation recommendations, boundary posture management, and cyber hygiene checks - plus 24/7 access to AttackIQ's adversary research team.
4. The AttackIQ MSSP program offers a unique solution designed to accelerate MSSP growth utilizing the AttackIQ Partner Portal and Flex and Ready! platforms. With a focus on optimizing existing security infrastructure, MSSPs can boost revenue, enhance margins, and add BAS to their services portfolio.
For custom offers reach out to partners@attackiq.com .
Highlights
- Improved Efficiency: 57% efficiency increase in red team staff - roughly $80K per year in testing costs.
- Flexible Consumption: Co-managed, self-managed, or testing-as-a-service options.
- Faster Time to Value: Remediate risks in hours, not weeks, providing answers to security risk questions fast.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
AttackIQ Flex - 100 | AttackIQ Flex. 100 Credits. | $15,000.00 |
Dimension | Description | Cost/unit |
|---|---|---|
Additional_Usage | Additional Usage | $0.01 |
Vendor refund policy
AttackIQ does not currently offer refunds for AWS customers at this time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Customers have access to live support, expertly crafted Blueprints, bi-weekly Release Notes, and product updates, as well as the award-winning AttackIQ Academy, offering free cybersecurity courses and currently enrolls over 60,000 students.
For immediate assistance, contact partners@attackiq.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Adversary Behavior Emulation
Emulates adversary tactics, techniques, and procedures aligned to the MITRE ATT&CK framework for security control validation
Agent-Based and Agentless Testing
Supports both agent-based and agentless testing capabilities that can be executed on-demand or on automated schedules
Security Control Performance Metrics
Provides data-driven analysis of security control effectiveness with detailed performance metrics and clear remediation recommendations
Continuous Validation and Reporting
Enables continuous security control validation with regular reporting, boundary posture management, and cyber hygiene checks
Multiple Deployment Models
Offers flexible consumption options including co-managed, self-managed, and testing-as-a-service deployment models
Penetration Testing Capabilities
Scalable penetration testing across application security, AI, mainframes, cloud, and network infrastructure with expert validation and real-time insights.
Attack Surface Management
Continuous discovery and monitoring of external and internal assets with contextualized findings, exposure detection, and vulnerability prioritization to reduce alert fatigue.
Security Control Validation
Breach and attack simulation functionality to validate security controls effectiveness, improve detection capabilities, and identify ransomware risks across the cyber kill-chain.
Real-time Reporting and Remediation Support
Real-time reporting with high-fidelity results and zero false positives, supported by expert team assistance for accelerated remediation workflows.
Comprehensive Asset Discovery
Automated discovery and monitoring of unknown assets, security control coverage gaps, and risk-based remediation through contextualized vulnerability findings.
Vulnerability Prioritization and Deduplication
Consolidates and deduplicates vulnerability findings across security tools with mapping to security control configurations
Agentless Vulnerability Enrichment
Provides contextual enrichment of vulnerabilities including runtime status, internet reachability assessment, and active exploit availability detection
Security Control Mapping
Automatically maps vulnerability findings to compensating controls within existing security stack to identify optimal risk mitigation actions
Proactive Exposure Detection
Identifies and mitigates exposure to high-profile vulnerabilities, threat actors, and internet-exposed assets through continuous hunting
MITRE Framework Alignment
Continuously analyzes and optimizes security controls mapped to MITRE Framework Tactics, Techniques, and Procedures for defense posture assessment
Standard contract
No
Customer reviews
reviewer2797743
Continuous attack simulations have improved real-world threat detection and response skills
Reviewed on Jan 19, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for AttackIQ is conducting breach and attack simulation or any kind of new ransomware simulation, basically for executing particular real-world attack scenarios.
Regarding my main use case, I have used AttackIQ Ready, Flex, and Enterprise, which are the main three product types I have utilized most.
What is most valuable?
The best features AttackIQ offers include being a cybersecurity platform specializing in breach attack simulation and AEF validation, as it tests the organization's defenses by simulating real-world attack behavior, which are aligned with the MITRE ATT&CK framework, providing a platform where I can run real-world attack scenarios and identify and mitigate them.
AttackIQ is well-aligned with the MITRE ATT&CK framework and has strong continuous validation. The platform is built to run continuous and automation tests, which helps during point-in-time checks or reduces blind spots.
AttackIQ positively impacts my organization as most of my colleagues and seniors have been using it to understand real-world attack scenarios and how to cope with those situations, benefiting the company, colleagues, and team.
After using AttackIQ, it has helped the team and the company improve on false positives and reduce risk, as most people are now capable of identifying how to work on detection, improving fine-tuning and all those things. It has definitely benefited the organization in terms of faster risk identification and faster response times.
What needs improvement?
AttackIQ can be improved by implementing more of a security training platform focused on real-world scenarios, simulating real-world attack behavior aligned with the MITRE ATT&CK and NIST frameworks, which would help further on this prospect.
It can also improve in terms of identifying control gaps.
For how long have I used the solution?
I have been using AttackIQ for almost close to two years.
What do I think about the stability of the solution?
In my experience, AttackIQ is stable with no issues regarding downtime or reliability.
What do I think about the scalability of the solution?
The scalability of AttackIQ is good and on the brighter side, as it can handle increasing workloads and more complex simulations as my needs grow without any problem.
How are customer service and support?
The customer support for AttackIQ is quite quick to resolve issues, and my experience with their support team was positive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used any previous vendor other than AttackIQ, as I focused on simulation rather than in-hand company usage.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for AttackIQ is that since I was using the free version, I did not purchase it initially and was only utilizing the platform, doing lab simulations that were free in that environment.
The value of AttackIQ is good; while it is not extremely high, it is on the good side where you can save money on AttackIQ, irrespective of the product you are going for.
Which other solutions did I evaluate?
Before choosing AttackIQ, I evaluated other platforms like ARCx, Codecademy, and AWS Skill Builder.
What other advice do I have?
In my current organization, we are not using AttackIQ; in my previous organization, I have used AttackIQ, and it was more of hands-on training rather than being deployed as a typical tool for improvement or knowledge enhancement.
In my previous experience with AttackIQ, it was all on-premises and training; we have not used any private cloud vendor.
My advice for others considering using AttackIQ is that people can utilize it since it offers free training on purple teaming and pre-simulation, which are useful for professional growth and skills development, even for those with limited industry certifications. I would rate this review an eight out of ten.
Shah F.
Great Cybersecurity platform
Reviewed on Dec 17, 2024
Review provided by G2
What do you like best about the product?
Best part is that it is easy to use and packed with many features
What do you dislike about the product?
More advertisement of product is needed to ensure people are aware about the services
What problems is the product solving and how is that benefiting you?
It protects my firms and employees security and ensure we focus on other tasks while this system handles all cybersecurity related concerns